How Hospitals are Keeping Patient Data Secure

June 10, 2018

Given the wealth of sensitive personal data healthcare organizations process and store, it's no surprise that hospitals, medical offices, and other healthcare systems are prime targets for cybercrime. In 2014, an estimated 85 percent of large healthcare organizations faced a data breach, and one in five of those breaches cost the organization more than $1 million to rectify.[1]

Due to the costs a data breach can inflict on the operation, as well as the patients it's entrusted to care for, healthcare organizations have become more vigilant and determined to battle cybercrime - and their efforts underscore important steps any business can apply to improve data security.

Step #1: Ensure you’re using devices with multiple layers of security

The problem: For the sake of efficiency, some healthcare operations favored the status quo rather than adopting new technologies designed with advanced security features.[2] Many doctors' offices, for instance, relied on pre-printed prescription pads, which stand particularly susceptible to fraud.

How healthcare is responding: Healthcare organizations are leveraging new options to protect them from loss or liability and reduce fraud. Pre-printed and hand-written prescriptions have given way to more secure options like electronic prescriptions and the HP Prescription Printing Security Solution, which produces tamper-resistant prescriptions that print with security features to assist with stringent government regulations.

The lesson for your business: Data and business information is more vulnerable than ever. The percentage of breaches involving a compromised person or their devices has more than doubled in the last six years.[3] Are there places in your organization where outdated technology makes you more susceptible to a breach? If so, how can you close the loop and fortify your business with improved technologies?

Step #2: Assess security across your fleet

The problem: Healthcare operations often focused their security efforts on protecting the most frequently attacked endpoints: the network perimeter, internal computer workstations, and server assets. Though this practice thwarted many unscrupulous attempts to breach data, cyber thieves could still sneak into “side doors,” such as network-connected printers, point-of-system (POS) machines, and even HVAC systems.

How healthcare is responding: Healthcare organizations are working to secure and protect all endpoints, not just the most common targets. A solution such as HP Access Control provides healthcare organizations with print authentication, auditing, authorization, accounting, and secure “pull” printing capabilities to bolster security.

The lesson for your business: Take time to analyze your tech environment and understand the full scope of your security needs, particularly with respect to those often-overlooked elements like uncontrolled print environments.

Step #3: Implement security best practices

The problem: As fast-moving enterprises, healthcare organizations were prone to neglect proven best practices in data security that should have been implemented across the organization.

How healthcare is responding: Savvy operations are now applying numerous best practices in digital security, such as installing up-to-date malware on company-owned devices, connecting printers to the organization's private network behind a firewall, upgrading devices to the latest firmware, and setting strong administrative passwords to protect devices and prevent configuration changes.

The lesson for your business: Install a multi-layered and comprehensive security plan driven by proven practices.

Step #4: Provide ongoing monitoring and management of security

The problem: From modest events such as an innocent hospital visitor wandering into a restricted printing area, to more malicious occurrences like a disreputable third-party vendor attempting to capture patient information from a desktop computer, healthcare operations faced numerous threats and liabilities each day.

How healthcare is responding: Hospitals have rolled out policies to reduce the risk of a data breach, even if it means a layer of inconvenience for staff and patients. Policies include locking doors and tethering printers, restricting network or computer access, and locking down unused functions.

The lesson for your business: Don't slack on security, which is a 24/7 effort in today's digital age. You can never be too proactive or careful.

Learning from healthcare’s example

By consistently assessing security needs, as well as monitoring the security environment and applying battle-tested strategies, healthcare organizations have put security top of mind, placed themselves in a better position to thwart digital thieves, and presented a game plan for businesses of all stripes to follow.

Their efforts also emphasize an important message: with heightened, ongoing vigilance, the risk of a data breach - and the potential pain it can inflict on your business and its customers - can be minimized.

Need help?

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by HP.com; reseller offers may vary. Items sold by HP.com are not for immediate resale. Orders that do not comply with HP.com terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at https://support.microsoft.com/lifecycle

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See http://www.microsoft.com.

HP Rewards qualifying and eligible products/purchases are defined as those from the following categories: Printers, Business PCs (Elite, Pro and Workstation brands), select Business Accessories and select Ink, Toner & Paper.